So here's something I came across last month. I'm going to modify a PM I sent someone else and try to expand upon it so that others know what happened.

When I was using SbieCtrl and selecting Menu > Configure > Edit Configuration I would see a cmd window pop up but the sandboxie.ini was never opened in notepad. It went by in a flash so I didn't know what was going on at first.

I eventually used procmon and saw that instead of launching notepad, SbieCtrl was using a key from
HKCR\*\shell\runas
which was a key I added a long time (1 year+) ago for taking ownership of files.

Instead of opening the sandboxie.ini via notepad, it was taking ownership of the ini via that key!

The Why:
I finally tracked the cause down to another key (HKCR\exefile\shell\runas) for which I had removed read/write rights (say that 10x fast). I can't say for sure, but I think it was when I started restricting runas, 'runas other user' and 'run as admin' from the context menu for L/SUAs.

The problem/bug (maybe):
If it couldn't read the key, shouldn't it just do nothing instead of randomly using another key in its place, or does it just fall back to another runas (* ='s all after all) it finds? Maybe it's a quirk with the way Windows interacts with the registry keys and some type of fallback, but for the life of me I can't figure out for sure why it happened.

Why does removing read/write access to an EXE key mess with the way Sandboxie opens the INI?

My workaround for now was to undo the read/write restrictions but I don't really think that's a suitable long-term fix either. I guess if it's Windows related there's not much that can be done and I'll have to live with it...but I'd like to know if that's the case!
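
A read-only check of the two registry keys named in the post, as an added example that is not part of the original post or of Sandboxie: for the account it runs under, it reports whether each `runas` verb key exists, whether it can be read, and which command it registers. The function name `Get-RunasVerbState` is made up for this example.

```powershell
# Added example (not from the original post). Read-only: nothing is written.
# Run it under the account that shows the behaviour, e.g. the limited user.
$verbKeys = @(
    'exefile\shell\runas',   # key the post says had read/write rights removed
    '*\shell\runas'          # key the post says was added for taking ownership
)

function Get-RunasVerbState {   # hypothetical helper name
    param([string[]]$SubKey)
    foreach ($name in $SubKey) {
        $row = [ordered]@{
            Key      = "HKCR\$name"
            Exists   = $null      # $null = not determined
            Readable = $false
            Command  = $null
        }
        try {
            # OpenSubKey returns $null for a missing key and throws
            # SecurityException when the caller lacks read access.
            $key = [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey($name)
            if ($null -eq $key) {
                $row.Exists = $false
            } else {
                $row.Exists   = $true
                $row.Readable = $true
                $cmd = $key.OpenSubKey('command')
                if ($cmd) {
                    # '' selects the default value; keep %VARS% unexpanded.
                    $row.Command = $cmd.GetValue('', $null, 'DoNotExpandEnvironmentNames')
                    $cmd.Close()
                }
                $key.Close()
            }
        } catch [System.Security.SecurityException] {
            # Access denied: a key is there, but this account cannot read it.
            $row.Exists = $true
        }
        [pscustomobject]$row
    }
}

Get-RunasVerbState -SubKey $verbKeys | Format-List
```

Comparing the output from the limited account with the output from an administrator account shows which of the two verbs each account can actually see.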